#
# This is before squid is installed on initial setup so it runs on squid install
#
- name: add squid tmpfiles.d to make run dir for smp ipc sockets. 
  copy: src=squid-tmpfiles dest=/etc/tmpfiles.d/squid.conf owner=root group=root mode=644
  tags:
  - packages
  - kojipkgs

- name: install squid server packages
  yum: name={{ item }} state=present
  with_items:
  - squid
  - httpd
  - mod_ssl
  - libsemanage-python
  tags:
  - packages
  - kojipkgs

- name: make nfs mount directories
  file: state=directory path={{ item }} owner=root group=root mode=755
  with_items:
  - /mnt/fedora_koji
  - /mnt/fedora_app
  - /mnt/fedora_app/app
  tags:
  - kojipkgs

- name: make mnt/koji directory
  file: state=link src=/mnt/fedora_koji/koji dest=/mnt/koji owner=root group=root
  tags:
  - kojipkgs

- name: set seboolean for squid server
  seboolean: name=httpd_can_network_connect state=true persistent=true
  tags:
  - kojipkgs

- name: set seboolean for nfs httpd
  seboolean: name=httpd_use_nfs state=true persistent=true
  tags:
  - kojipkgs

- name: install squid config files
  copy: src={{ item }} dest=/etc/squid/{{ item }} owner=root group=root mode=644
  with_items:
  - squid.conf
  - cachemgr.conf
  notify:
  - restart squid
  tags:
  - kojipkgs

- name: install apache config files for squid
  copy: src={{ item }} dest=/etc/httpd/conf.d/{{ item }} owner=root group=root mode=644
  with_items:
  - kojipkgs.conf
  - infrastructure.conf
  notify:
  - reload httpd
  tags:
  - kojipkgs

- name: make sure httpd ssl.conf is not around (conflicts with squid)
  file: dest=/etc/httpd/conf.d/ssl.conf state=absent
  notify:
  - reload httpd
  tags:
  - kojipkgs
  
- name: make sure httpd listens on port 8080
  lineinfile: dest=/etc/httpd/conf/httpd.conf state=present regexp="^Listen 80" line="Listen 8080"
  notify:
  - reload httpd
  tags:
  - kojipkgs

- name: Copy squid ssl cert from puppet private
  copy: > 
    src="{{private}}/files/httpd/wildcard-2014.squid.cert" 
    dest=/etc/pki/tls/certs/wildcard-2014.squid.cert 
    owner=root group=root mode=0644
  tags:
  - kojipkgs
  notify:
  - reload httpd

- name: Copy squid ssl key from puppet private
  copy: >
    src="{{private}}/files/httpd/wildcard-2014.fedoraproject.org.key" 
    dest=/etc/pki/tls/private/wildcard-2014.fedoraproject.org.key
    owner=root group=root mode=0600
  tags:
  - kojipkgs
  notify:
  - reload httpd

- name: set squid to start on boot
  service: name=squid enabled=true state=running
  tags:
  - services
  - kojipkgs
